TL;DRAI

FortiBleed exposed 86,000 Fortinet firewall and VPN credentials across 194 countries, impacting 50% of internet-facing devices. Organizations must reset credentials, enforce PBKDF2 and MFA, and lockdown management access to mitigate breach risk.

CISA is urging organizations to harden their internet-accessible Fortinet devices in response to a large-scale credential theft campaign that likely impacts over 86,000 firewalls and VPNs.

Referred to as FortiBleed, the campaign was flagged earlier this week. SOCRadar initially warned of over 30,000 compromised Fortinet devices potentially exposing enterprise networks to hacking, and has since updated that figure to 86,000.

“Discovered in June 2026, the operation has produced a verified database of over 86,644 confirmed working credentials across 194 countries, all collected from internet-facing Fortinet infrastructure,” the company says.

The hackers have compiled a database of usernames and passwords, tested using automated scripts. Some credentials were likely compromised in previous incidents, but never rotated.

Security researcher Kevin Beaumont, together with Hudson Rock, worked with some of the impacted organizations and verified that the logins are valid and fairly recent.

securityweek.com

FortiBleed: 86,000 Fortinet Device Credentials Compromised

The large-scale credential theft campaign hit roughly half of the internet-accessible Fortinet firewalls and VPNs.

venerdì 19 giugno 2026 New tab

TL;DRAI

397 words~2 min read

CISA is urging organizations to harden their internet-accessible Fortinet devices in response to a large-scale credential theft campaign that likely impacts over 86,000 firewalls and VPNs.

The hackers have compiled a database of usernames and passwords, tested using automated scripts. Some credentials were likely compromised in previous incidents, but never rotated.

Security researcher Kevin Beaumont, together with Hudson Rock, worked with some of the impacted organizations and verified that the logins are valid and fairly recent.

FortiBleed: 86,000 Fortinet Device Credentials Compromised

FortiBleed: 86,000 Fortinet Device Credentials Compromised

Other newsrooms on this story

Related reading

CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

Tens of thousands of devices hacked in 'FortiBleed' attack

'FortiBleed': 75,000 Fortinet firewalls' logins exposed

FortiBleed campaign used custom FortiGate sniffer to steal credentials

Fortinet Responds to FortiBleed Campaign

CISA warns Fortinet users to secure devices after FortiBleed leak

Related reading

CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

Tens of thousands of devices hacked in 'FortiBleed' attack

'FortiBleed': 75,000 Fortinet firewalls' logins exposed

FortiBleed campaign used custom FortiGate sniffer to steal credentials

Fortinet Responds to FortiBleed Campaign

CISA warns Fortinet users to secure devices after FortiBleed leak

Other newsrooms on this story